Solved

Downloads mistakenly denied

Posted on 2012-04-03
Last Modified: 2012-04-04
Dear all,

We've been using Forefront TMG for a few months in single NIC configuration. For most websites, we deny download of certain types of content. But we would like to allow everything for a limited number of websites, like Intranet websites. No restriction is applied except for the destination. It's open to all users, all content types, all protocols. This rule is called:

Anonymous access

So we created a rule allowing everything for those Domain and URL sets for which we want to allow users to download. The rule comes at the top of the "Web Access policy Group" list.

And down the list you can find the rule that denies download for every other website except the Domain and URL sets for which we allow downloads, specified in the "Anonymous Access" rule above. This denying rule is called:

HTTP Downloads Forbidden

Rule settings:
Users: Domain Users. Exceptions: Admins and Helpdesk
From: Internal and local host
To: Internal and local host. Exceptions: Domain, Network and URL sets specified in the "Anonymous Access" rule

Administrators and Helpdesk have no problem. But domain users, when trying to download from URLs contained in the "Anonymous access" rule, still get blocked by the "HTTP Downloads Forbidden" rule.

Any idea?

Thanks everyone!

Mart
Question by:MartCar
Accepted Solution

by:
rafter81 earned 500 total points
ID: 37803659
The domains and/or URLs are not being actioned correctly. I've found in the past that this can be for various reasons. It can be that the domain or URL the site initially goes to then goes to another site. It can simply be that it's the IP address that is recognised instead of the URL or domain. I've found that domain and URL rules are unreliable.

Have you tried looking up a particular site you want to give access to, finding its IP address and giving access that way in the "anonymous rule"? Adding it as a computer or computer set, or subnet if relevant.

It's worth trying out IP addresses - it will confirm if the 1st rule is actually working correctly, as when it's not using this rule it is going through to the deny rule, by which domain users are denied. That would be why it's working OK for your admins, as they are exceptions.
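
A simplified model of the first-match rule evaluation discussed in this thread, added here as an example; it is not code from either poster and not TMG's own matching engine. The domain pattern, host names and IP address are constructed, and the way a destination is compared against the sets is an assumption that follows the behaviour the answer describes.

```python
from fnmatch import fnmatch

# Constructed sample values (assumptions, not from the original post).
ALLOWED_DOMAINS = ["*.intranet.example"]   # entries of the Domain/URL sets
ALLOWED_IPS = frozenset()                  # computer set; empty to begin with
EXEMPT_GROUPS = {"Admins", "Helpdesk"}     # exceptions on the deny rule


def in_allow_set(dest, ips):
    """True when dest is a listed IP or matches a domain pattern."""
    dest = dest.lower()
    return dest in ips or any(fnmatch(dest, p) for p in ALLOWED_DOMAINS)


def evaluate(group, dest, ips=ALLOWED_IPS):
    """Return (rule name, action) for the first rule that matches."""
    rules = [
        # Top of the list: open to all users, limited only by destination.
        ("Anonymous access", "allow",
         lambda: in_allow_set(dest, ips)),
        # Lower down: applies to non-exempt users, with the same sets
        # listed as destination exceptions.
        ("HTTP Downloads Forbidden", "deny",
         lambda: group not in EXEMPT_GROUPS and not in_allow_set(dest, ips)),
    ]
    for name, action, matches in rules:
        if matches():
            return name, action
    return "(later rules)", "not modelled"


def trace(group, hops, ips=ALLOWED_IPS):
    """Evaluate every destination one download touches, redirects included."""
    return [(dest, *evaluate(group, dest, ips)) for dest in hops]


if __name__ == "__main__":
    # Same server reached by name, by IP, and through a redirect.
    for hops in (["files.intranet.example"],
                 ["10.0.0.15"],
                 ["files.intranet.example", "cdn.partner.example"]):
        for row in trace("Domain Users", hops):
            print(row)
    # After adding the IP to a computer set, as the answer suggests:
    print(trace("Domain Users", ["10.0.0.15"], ips={"10.0.0.15"}))
```

Running the same trace against the destinations recorded in the proxy log for a blocked download shows which hop falls outside the allow sets.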